Asp.net ConnectionString in secure way

Question

I could not get a satisfactory answer to my question on the google, they are:

• How secure ConnectionString is over the HttpRequest?
• Is using Connection

Answer 1

How secure ConnectionString is over the HttpRequest?

Do you send the connection string over http request ? Really ? what scenario it is ? Ususally only requests for a webpage travels thru http request and the response as well. Connectionstring is something your code internally use to access data and it stays in your server.

Is using ConnectionString in web.config file more secure than using in any specific aspx page?

Think about maintainability. If you put your connection string in a class, you have to rebuild your app when you have to change your connection string . If some body has access to your folder where you have your files, they can use a disassembler to see what is in your dlls.

And how to secure ConnectionString for highly secure website?

You can encrypt connection string in web.config. check this link http://www.codeproject.com/Tips/304638/Encrypt-or-Decrypt-Connection-Strings-in-web-confi